Mr Robert Pye 

By Email: robert.pve@parliament.scot 


4 June 2019 
Dear Mr Pye 

Thank you for your request for information under FOISA 2002, regarding the operational 
guidance on human rights due diligence checks. Please see a response to each of your 
questions below. 

A list of all external (to Scottish Enterprise, so including other government agencies 
or the government itself) individuals and organisations who were consulted in the 
process of developing the operational guidance 

We consulted with Highlands & Islands Enterprise (HIE) and the Scottish Government during 
the process of developing the operational guidance on human rights due diligence checks. 

All correspondence with those external consultees, including minutes of meetings at 
which they discussed the guidance 

Please find attached our correspondence with Scottish Government which discusses the 
guidance. You will note that some personal information has been redacted under section 
38(l)(b) of FOISA 2002, reasons why are explained below. 

We had initial discussions with leading providers of diligence solutions to give us a better 
understanding of any commercial products that would help us to deliver the process. These 
initial discussions concluded that no existing product particularly suited our requirements. 
Therefore, under section 17(l)(b) of FOISA 2002, we do not hold correspondence with these 
external consultees. 

Copies of the live-case testing and review process the operational guidance 
underwent 

Under section 17(l)(b) of FOISA 2002, we do not hold a copy of the live case testing, 
however, can explain the process. 

As a publicly funded body we recognise the need to ensure that the use of our resource is 
subject to high standards of governance. When investing in companies Scottish Enterprise 
ensures that it undertakes appropriate due diligence prior to finalising any formal agreement 
for support. 

This due diligence has been developed further, and since March 2019 has included an 
examination of the track record of companies or their owners regarding their human rights 
record. 

The scope and depth of the diligence carried out is proportionate to the level of intervention 
and takes in to account the financial and reputational level of risk. A programme of staff 
training has been undertaken across Scottish Enterprise to support the implementation of 
these additional checks. 

A copy of the operational guidance on human rights due diligence checks 

Please find a copy of the operational guidance attached. 



If you consider that your request has not been handled appropriately you have the right 
under the Freedom of Information (Scotland) Act 2002 to request a review. 

A request for review must be submitted in writing or other permanent form within 40 working 
days of the date of this letter and should be addressed to: 

Steve Dunlop 
Chief Executive 
Atrium Court 
Scottish Enterprise 
50 Waterloo Street, 

Glasgow, 

G2 6HQ 

e-mail: steve.dunlop@scotent.co.uk 

It must include your name and an address for correspondence (e-mail address is 
acceptable) and specify the request for information to which the requirement for review 
relates and the matter which gives rise to your dissatisfaction with the decision. Scottish 
Enterprise will respond to any request for review within 20 working days of receipt. 

Your right to apply to the Information Commissioner under FOISA 

If you are dissatisfied with the outcome of the review you have the right under FOISA to 
apply to the Scottish Information Commissioner within six months following the date of 
receipt of the review notice. 

Appeals can be made online at: 

http://www.itspublicknowledge.info/YourRights/Unhappywiththeresponse/AppealingtoCommi 

ssioner.aspx 

If you do not wish to appeal online, you can appeal by post, or by e-mail. Details are below: 

Office of the Scottish Information Commissioner 
Kinburn Castle, 

Doubledykes Road, 

St Andrews, 

Fife, 

KY16 9DS 

Email: enquiries@itspublicknowledae.info 
Tel: 01334 464610 

Please note that we will only process the personal data you have provided to respond to this 
request and in accordance with our privacy notice which can be found on our 
website: https://www.scottish-enterprise.com/about-us/transparencv/privacv-notice/how-we- 

use-vour-information/enquiries 

Yours sincerely 

Corporate Communications 
Scottish Enterprise 








Section 38(l)(b)- Personal Information 


The exemption contained in section 38(l)(b) of FOISA has been applied to some of the 
withheld information you requested, in this case names, email addresses and contact details 
of Scottish Enterprise and Scottish Government staff. 

Section 38(l)(b) together with Article 5(1) of the GDPR creates an exemption from 
disclosure where the information requested constitutes the personal data of a third party and 
disclosure of that data would breach any of the data protection principles set out in the Data 
Protection Act 2018 (“DPA”). Article 5(1) states that “personal data shall be processed 
lawfully, fairly and in a transparent manner in relation to the data subject.” As an absolute 
exemption, there is no need to consider the public interest in the application of this 
exemption. 

Information has been withheld from you under this exemption in respect of names of 
individuals which constitutes as personal data. I am satisfied that the information that has 
been withheld constitutes the ‘personal data’ of the individuals concerned, as defined in 
section 1(1) of the DPA 2018. 

SE has examined whether or not disclosure of the information you have requested, insofar 
as that is personal data, would breach the requirements of the first data protection principle. 

Fairness 


In assessing whether release of the information would be fair, we have had regard to the 
Scottish Information Commissioner’s Exemption Briefing Series on the section 38 
exemption, and to guidance produced by the UK Information Commissioner, who has overall 
responsibility for data protection issues throughout the UK. In line with that guidance, and in 
coming to the decision to withhold personal data on the basis that it would be unfair to 
release it, we have taken into consideration: 

• any potential damage or distress which may be caused by disclosure of the 
information; 

• whether the information relates to the public or private life of the individual; and 

• the expectations of the data subjects with regard to the release of the information. 

Disclosure of the individuals’ personal data into the public domain may cause them damage 
or distress. It would not be within the expectation of the individuals that their personal data 
would be put into the public domain under FOISA. 

Release of the information would therefore be unfair and consequently would be in breach of 
the first data protection principle and therefore also unlawful. Given that the disclosure would 
be unfair, and therefore unlawful, in terms of not complying with the first data protection 
principle, it is not necessary to go on to consider any of the conditions in schedules 2 or 3 of 
the DPA 2018, or other aspects of lawfulness. The information must be withheld under 
section 38(l)(b) of FOISA, taken together with Article 5(1) of the GDPR. 




